Microsoft is helping. The question is who are they helping? While Microsoft touts Windows 10 security enhancements, small businesses and entrepreneurs see another side to Windows 10, the side where Microsoft loads its new OS through automatic updates onto PCs with Windows 7 and Windows 8.1 without their knowledge or consent.

CSO details the results of the Microsoft misstep, including corrupt system files and performance issues that make small business PCs vulnerable, which could make any large enterprise they serve vulnerable, too. Recommendations that will hopefully return control of the PC to the affected entities follow.

You may already have Windows 10 on your systems

“Microsoft is pushing out Windows 10 to individual computers (that is to say, unmanaged home and even SOHO systems) running Windows 7 and Windows 8.1 if Automatic Updates are enabled,” says Aryeh Goretsky, Researcher, ESET. As of this date, a number of news reports from various media outlets including IDG’s own Computerworld have confirmed this.

Posts and comments pointing up the woes of these updates abound across the Internet, in technical forum threads and under feature articles on the topic. One disgruntled party commenting under the handle Flog says, “I have Windows 10 updates pushed to OEM Windows 7 machines and never got anything asking me to reserve it or not, not even the notification icon in the system tray. The $Windows.~BT & .~WS folders are created on Win7 and Win8 machines. The $Windows.~BT\Sources\Panther has setupact.log & setuperr.log that shows what was done. The $Windows.~WS is a Hidden folder that contains Windows 10.”

And when these updates do load, the first the small organization may hear of it is after the new software creates security and performance issues. While large companies have the means to sandbox and test updates before putting them into production, the small business is less likely to afford that luxury. “Large companies have a process in place to manage the updates so that they’re not going out before they’re tested,” says an attorney in the IT space who agreed to speak under conditions of anonymity.

More than one user reported receiving updates with a “Windows Update Standalone Installer” labeled as “required by your computer and cannot be uninstalled”, which in turn downloaded Windows 10.

“For smaller companies, they don’t have processes in place to do that. They typically just update the system,” says that same IT space attorney. And when those updates include several GBs and more of unwanted, unsecured software, that’s how the small business serving your big enterprise becomes your next vulnerability.

How this affected small businesses and consumers

A national rental company with nearly 400 PCs across the country was experiencing significant performance degradation on those systems. “We traced the problem to auto-update on all the PCs, which downloaded individual instances of Windows 10,” says Oli Thordarson, CEO, Alvaka Networks, the IT support service firm that turned off the updates and resolved the issue for this client.

How to avoid surreptitious Windows 10 installations

Reset Automatic Updates to only notify you about updates so you can research them and hide those you don’t want.

Uncheck the box under Recommended Updates and under Microsoft Update on the same screen.

Research each update by searching Microsoft’s website and the web by the update number in question in the format KB1234567. If an article or description doesn’t mention Windows 10 explicitly, read between the lines looking for mention of telemetry updates, new required update installers, and other questionable language.

Search forums such as www.sevenforums.com and www.eightforums.com for threads that cover these Windows 10 updates. Some of these threads will include the numbers of the problematic updates that people have identified.

Install a behavior-based tool like WinPatrol, which can alert you to changes to your system, including changes that would allow unchallenged Windows updates.

Others complained of corrupted system files that Microsoft’s own System File Checker could not fix only to find out that updates with Windows 10 in them were the cause. I personally had the same experience, leading to issues on both the Windows 7 and Windows 8.1 systems in my office.

“Those small companies do business with large companies, as we saw in the case of Target, and certainly have the potential to create risks,” says an anonymous IT industry attorney. If any software vendor loaded software on your systems without your knowledge or consent, you might call that a backdoor simply because they had the access and ability to do so and they made a point of not telling you about it. And if you found out a vendor that served you had been served such a stealthy software surprise, wouldn’t you have governance in place to question it?

Regaining control of your PCs

I have found resources like this thread at Seven Forums helpful in isolating and removing some of the Windows 10 updates. Here is a list of some of the suspect updates, which I examined after pulling them from a list on Seven Forums:

“2952664 (Windows 10 Upgrade preparation)

2976978 (Windows 10 Upgrade preparation)

2977759 (Windows 10 Upgrade preparation)

2990214 (Windows 10 Upgrade preparation)

3021917 (Windows 10 Upgrade preparation + Telemetry)

3022345 (Telemetry); may affect System File Checker

3035583 (Windows 10 upgrade preparation)

3050265 (a June 2015 replacement for 2990214)

3065987 (a July 2015 replacement for 2990214); may be OK as it might allow a way to block other Win 10 related KBs.

3068708 (Telemetry) (a later replacement for 3022345)

3075249 (Telemetry); first seen 8/19/15

3080149 (Telemetry); first seen 8/19/15”

When you look for information about these, search with the KB (Knowledge Base) prefix, as in KB2952664, and so on.

Further, I found that when I removed and hid these updates, I also needed to examine new updates individually as some of these also had Windows 10 under the guise of other Microsoft Knowledge Base numbers and names. Posters to Seven Forums and other blogs, forums, and website comment sections reported similar experiences. Make sure to do your own due diligence and consult a technical professional before making changes to your systems.
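
The checks described above can be collected into one audit script. This PowerShell sketch is an added example, not part of the original article or any Microsoft tool; it assumes it is run on the affected Windows 7 or 8.1 PC, uses the KB numbers from the list above and the folder and log paths from the reader comment, and only hides pending updates when started elevated with the -Hide switch.

```powershell
# Added example: audit one PC for the updates and folders named in this article.
# Report-only by default; -Hide (elevated prompt) hides matching pending updates.
param([switch]$Hide)

# KB numbers copied from the Seven Forums list quoted in the article.
$kbNumbers = '2952664','2976978','2977759','2990214','3021917','3022345',
             '3035583','3050265','3065987','3068708','3075249','3080149'

# 1. Listed updates that are already installed.
$wanted = $kbNumbers | ForEach-Object { "KB$_" }
$installed = @(Get-HotFix | Where-Object { $wanted -contains $_.HotFixID })
foreach ($fix in $installed) {
    Write-Output ("Installed: {0} (installed on {1})" -f $fix.HotFixID, $fix.InstalledOn)
}

# 2. Listed updates that are offered but not yet installed or hidden,
#    queried through the Windows Update Agent COM API.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
foreach ($update in $pending) {
    $hits = @($update.KBArticleIDs | Where-Object { $kbNumbers -contains $_ })
    if ($hits.Count -gt 0) {
        Write-Output ("Pending: KB{0} - {1}" -f $hits[0], $update.Title)
        if ($Hide) {
            $update.IsHidden = $true   # same effect as "Hide update" in Control Panel
            Write-Output ("  hidden: KB{0}" -f $hits[0])
        }
    }
}

# 3. Staging folders reported on Windows 7 and 8 machines (single quotes keep
#    PowerShell from treating $Windows as a variable).
foreach ($name in '$Windows.~BT', '$Windows.~WS') {
    $path = Join-Path $env:SystemDrive $name
    if (Test-Path -LiteralPath $path) {
        Write-Output "Found staging folder: $path"
    }
}

# 4. Setup logs that record what the upgrade staging did.
foreach ($logName in 'setupact.log', 'setuperr.log') {
    $log = Join-Path $env:SystemDrive ('$Windows.~BT\Sources\Panther\' + $logName)
    if (Test-Path -LiteralPath $log) {
        $item = Get-Item -LiteralPath $log -Force
        Write-Output ("Setup log: {0} (last written {1})" -f $item.FullName, $item.LastWriteTime)
    }
}
```

The KB list is a point-in-time snapshot, so a clean result does not replace reviewing each newly offered update as described above.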

The response from Microsoft is mixed depending on whose reports you read and what you believe. Some news features picture the software giant apologetic about its secret Windows 10 upgrade moves. But when you say you’re sorry, isn’t it assumed that you mean you’ll never do it again?


Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.